NIST publishes updated draft guidance for engineers under Special Publication 800-160
NIST recently published updated draft guidance for engineers under Special Publication 800-160 “Engineering Trustworthy Secure Systems”. According to the document abstract, it “addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose those systems and the capabilities and services delivered by those systems.”
They focused on strategic objectives that drove the majority of updates to the previous publication. This includes more strongly positioning systems security engineering as a sub-discipline of Systems Engineering, emphasizing the broad responsibility for engineering trustworthy secure systems, aligning secure engineering practices with safety practices, focusing on the assurance of the correctness and effectiveness of the system’s security capability, emphasizing security roles and purpose, and more closely aligning to international standards.
This document is over 200 pages and will serve as a trusted guide and resource for computer engineers and other programming professionals to enhance cybersecurity efforts, embed security by design, and protect modern security systems.
The newly published document can be found at: https://admin.govexec.com/media/gbc/docs/pdfs_edit/sp_800-160-v1-r1-ipd-embargo_(1).pdf